2. PHPRunner General questions
  3. AES 256 encryption
This topic is locked

AES 256 encryption

 		5/8/2020 3:26:51 PM
PHPRunner General questions
L
 lcslouis author

I am trying to get a vb.net program using the openssl implementation to be able to read what phprunner encrypts.
The issue I'm seeing when setting phprunner to encryption code-based 256bit aes the max keysize in cipheraes.php stays at 32.

The other issue is that the program uses no padding.

Every implementation I try errors out complaining either key is too small or the no padding.
I just need to know how exactly the openssl in phprunner works. So I can give the vb.net openssl libraries the correct configuration.
Sergey Kornilov admin 5/8/2020

You can find more info in this article https://xlinesoft.com/phprunner/docs/encryption.htm or you will need to study PHPRunner source code.
I just wanted to add that if you need cross-compatibility like this you can have better luck using database-based encryption.
L
 		lcslouis author 5/8/2020

The issue of why I don't use database encryption is that in the program it says max supported is aes 128
according to mysql max and MS SQL is 256 can this be updated in the program to support?
256bit is a project requirement I have.
Sergey Kornilov admin 5/8/2020

Got it. Check files ciphereraes.php and ciphereres.php in source\classes folder of PHPRunner.
L
 		lcslouis author 5/16/2020

I have been looking at the files and the biggest issue I see and biggest headache is the program isn't using any padding.
What would be the thing to change in this line to change the padding to PKS_7 or Would it be possible to make it where IV and padding type can be selected on the security encryption page and stored with the project like the encryption key is.
Being able to update or change those options would open up better and more secure encryption.
the encryption having no padding is seen as being less secure instead of using the normal pks_7.

bin2hex(openssl_encrypt($source, $this->SSLMethod, $this->key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, $this->INITIALISATION_VECTOR));
Sergey Kornilov admin 5/18/2020

While I don't the answer for you here is the openssl_encrypt function documentation that should help:

https://www.php.net/manual/en/function.openssl-encrypt.php